Affected arches on CC.
paxctl-0.4 adds the '-C' option. This new functionality adds a PT_PAX_FLAGS
header where one did not exist before (useful for pre-built binaries). It's
the last piece of functionality need before the old EI flags (which strictly
speaking contravene the ELF specification) can be phased out.
This method is more invasive than the others. Typically, ELF files do not have
any spare room in their Program Header table, and also typically the header is
included in the PT_LOAD sections (i.e. the header is included as part of the
process image). The -C option deals with this by extending the process image
downwards by one page, reducing the base load address by one page and adjusting
offsets in the ELF file so that the code etc in the process image remains at
its original location.
You can check this if you have a binary not built with the Gentoo toolchain
(which always adds a PT_PAX_FLAGS header). I've tested it on amd64 with
dev-java/sun-jdk, and the results seem to be fine there. For other arches, I
don't know of any packages that are not built by Gentoo and are provided only
in binary form.
If you need me to provide detailed instructions on how to check that the new
functionality works (i.e. beyond that it just emerges ok), just say and I'll
write something up.
